A new, unique malware campaign was recently detected by a group of security researchers. The campaign combines the well-known banking trojans Emotet and TrickBot with the nascent Ryuk ransomware.
Experts from security firm Cybereason have tracked this campaign’s activity and observed that it was primarily aimed at European and American companies. Like most modern attack campaigns, this one used weaponized Word documents, delivered in phishing emails, that download the malware trio.
TrickBot cripples the defense system
Once it enters the system, the banking trojan works to disable the computer’s defenses. “In order to ensure persistence, TrickBot creates a scheduled task and a service. To reduce the likelihood of being detected by an antimalware product, TrickBot also tries to disable and delete Windows Defender,” Cybereason wrote.
Ultimately, this trio of malware can wreak havoc and take down large networks that belong to organizations.
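The three behaviours in the Cybereason quote (a new scheduled task, a new service, Windows Defender being turned off) are each routine on their own, so a defender gets more signal from seeing all of them on one host in a short span. The sketch below is an added example, not code from Cybereason or the original article; the host names, timestamps and the 30-minute window are assumptions, and the events are assumed to be already filtered to the Security, System and Windows Defender Operational channels.

```python
from datetime import datetime, timedelta

# Windows event IDs matching the three behaviours in the Cybereason quote.
WATCHED = {
    4698: "task_created",       # Security log: a scheduled task was created
    7045: "service_installed",  # System log: a service was installed
    5001: "defender_rtp_off",   # Defender Operational log: real-time protection disabled
}

# Constructed sample events (hypothetical hosts and times), not campaign data.
SAMPLE_EVENTS = [
    {"host": "WS-014", "time": "2024-01-15T09:14:05", "event_id": 4698},
    {"host": "WS-014", "time": "2024-01-15T09:14:40", "event_id": 7045},
    {"host": "WS-014", "time": "2024-01-15T09:16:12", "event_id": 5001},
    {"host": "SRV-02", "time": "2024-01-15T03:00:00", "event_id": 7045},
    {"host": "SRV-02", "time": "2024-01-15T11:30:00", "event_id": 4698},
    {"host": "WS-020", "time": "2024-01-15T10:00:00", "event_id": 4698},
    {"host": "WS-020", "time": "2024-01-15T10:05:00", "event_id": 7045},
    {"host": "WS-020", "time": "2024-01-15T16:00:00", "event_id": 5001},
]


def correlate(events, window_minutes=30):
    """Return {host: (first_ts, last_ts)} for hosts where all three watched
    behaviours occur within the window (an assumed default; tune it)."""
    window = timedelta(minutes=window_minutes)
    by_host = {}
    for ev in events:
        kind = WATCHED.get(ev["event_id"])
        if kind:
            ts = datetime.fromisoformat(ev["time"])
            by_host.setdefault(ev["host"], []).append((ts, kind))

    alerts = {}
    for host, seen in by_host.items():
        last = {}  # most recent timestamp seen for each behaviour
        for ts, kind in sorted(seen):
            last[kind] = ts
            # All three present and the oldest of them is still inside the window.
            if len(last) == len(WATCHED) and ts - min(last.values()) <= window:
                alerts[host] = (min(last.values()), ts)
                break
    return alerts


if __name__ == "__main__":
    for host, (start, end) in correlate(SAMPLE_EVENTS).items():
        print(f"{host}: task + service + Defender disabled between {start} and {end}")
```
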